---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: network-attachment-definitions.k8s.cni.cncf.io
spec:
  group: k8s.cni.cncf.io
  scope: Namespaced
  names:
    plural: network-attachment-definitions
    singular: network-attachment-definition
    kind: NetworkAttachmentDefinition
    shortNames:
    - net-attach-def
  versions:
    - name: v1
      served: true
      storage: true
      schema:
        openAPIV3Schema:
          type: object
          properties:
            spec:
              type: object
              properties:
                config:
                  type: string
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: multus
rules:
  - apiGroups: ["k8s.cni.cncf.io"]
    resources:
      - '*'
    verbs:
      - '*'
  - apiGroups:
      - ""
    resources:
      - pods
      - pods/status
    verbs:
      - get
      - list
      - update
      - watch
  - apiGroups:
      - ""
      - events.k8s.io
    resources:
      - events
    verbs:
      - create
      - patch
      - update
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: multus
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: multus
subjects:
- kind: ServiceAccount
  name: multus
  namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: multus
  namespace: kube-system
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: multus-daemon-config
  namespace: kube-system
  labels:
    tier: node
    app: multus
data:
  daemon-config.json: |
    {
        "confDir": "/host/etc/cni/net.d",
        "logToStderr": true,
        "logLevel": "debug",
        "logFile": "/tmp/multus.log",
        "binDir": "/host/opt/cni/bin",
        "cniDir": "/var/lib/cni/multus",
        "socketDir": "/host/run/multus",
        "cniVersion": "{{ CNI_VERSION }}",
        "cniConfigDir": "/host/etc/cni/net.d",
        "multusConfigFile": "auto",
        "forceCNIVersion": true,
        "multusAutoconfigDir": "/host/etc/cni/net.d"
    }
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-multus-ds-amd64
  namespace: kube-system
  labels:
    tier: node
    app: multus
    name: multus
spec:
  selector:
    matchLabels:
      name: multus
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        tier: node
        app: multus
        name: multus
    spec:
      hostNetwork: true
      hostPID: true
      nodeSelector:
        kubernetes.io/arch: amd64
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: multus
      containers:
      - name: kube-multus
        image: localhost:5000/multus:e2e
        command: [ "/usr/src/multus-cni/bin/multus-daemon" ]
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
          limits:
            cpu: "100m"
            memory: "50Mi"
        securityContext:
          privileged: true
        volumeMounts:
        - name: cni
          mountPath: /host/etc/cni/net.d
        - name: cnibin
          mountPath: /host/opt/cni/bin
        - name: host-run
          mountPath: /host/run
        - name: host-var-lib-cni-multus
          mountPath: /var/lib/cni/multus
        - name: host-run-netns
          mountPath: /run/netns
          mountPropagation: HostToContainer
        - name: multus-daemon-config
          mountPath: /etc/cni/net.d/multus.d
          readOnly: true
        - name: kubelet-pod-resources
          mountPath: /var/lib/kubelet/pod-resources
          readOnly: true
        env:
        - name: MULTUS_NODE_NAME
          valueFrom:
            fieldRef:
              fieldPath: spec.nodeName
      initContainers:
      - name: install-multus-shim
        image: localhost:5000/multus:e2e
        command:
          - "/usr/src/multus-cni/bin/install_multus"
          - "-d"
          - "/host/opt/cni/bin"
          - "-t"
          - "thick"
        resources:
          requests:
            cpu: "10m"
            memory: "15Mi"
        securityContext:
          privileged: true
        volumeMounts:
          - name: cnibin
            mountPath: /host/opt/cni/bin
            mountPropagation: Bidirectional
      volumes:
        - name: cni
          hostPath:
            path: /etc/cni/net.d
        - name: cnibin
          hostPath:
            path: /opt/cni/bin
        - name: kubelet-pod-resources
          hostPath:
            path: /var/lib/kubelet/pod-resources
        - name: multus-daemon-config
          configMap:
            name: multus-daemon-config
            items:
            - key: daemon-config.json
              path: daemon-config.json
        - name: host-run
          hostPath:
            path: /run
        - name: host-var-lib-cni-multus
          hostPath:
            path: /var/lib/cni/multus
        - name: host-run-netns
          hostPath:
            path: /run/netns/
